ChainCatcher news, according to The Block, the Solana Foundation announced that it has removed a group of validator operators from its delegation program due to their involvement in "sandwich" attacks on Solana users.Mert Mumtaz, co-founder of Solana RPC provider Helius, explained that this move will ensure that the foundation does not delegate to validators that engage in malicious sandwich attacks on retail users.

ChainCatcher news, according to PeckShieldAlert monitoring, a whale address starting with 0x4a8B has fallen victim to a phishing attack, resulting in a loss of $813,000 worth of LINK. After allowing the first phishing attempt, the victim suffered a sandwich attack without slippage protection while exchanging 58,200 LINK (worth about $813,000) for 222.4 ETH (worth about $494,000), leading to a loss of $301,000. The total loss amounts to approximately $1.1 million.

According to ChainCatcher news, based on EigenPhi data, the MEV Bot controlled by jaredfromsubway.eth (0x6b...9A80) made a profit of $4.746 million through sandwich attacks on November 13. Among them, in two sandwich attacks on GROK/WETH and ide/WETH, profits of approximately $2.264 million and $2.191 million were made by spending costs of $224.86 and $321.01, respectively.In the past 30 days, jaredfromsubway.eth has accumulated a profit of $5.721 million from 76,800 transactions.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media that a replacement loop attack has emerged in the Lightning Network, which is somewhat similar to the sandwich attack in MEV, using a front-and-back squeeze to extract funds from the targeted victim.The implementation of this attack method is not easy and requires meeting the following conditions: opening two channels on the victim; routing payments through one of these two channels; successfully replacing the victim's HTLC-timeouts within Δ blocks; at the same time, ensuring that the victim does not discover the HTLC pre-image transaction.Before this risk is mitigated, project teams using the Lightning Network should be cautious when establishing channels with upstream and downstream partners, preferably collaborating with reputable entities to reduce the risk of being squeezed. Specific situations still need further testing and verification.

ChainCatcher news, Uniswap Labs stated on social media that Uniswap Wallet has launched Swap Protection to prevent front-running and sandwich attacks, improving the token transfer fee experience.

ChainCatcher news, according to monitoring by PeckShield, there were a total of 41 hacking incidents in April this year, with a total of 93.4 million dollars stolen. As of April 30, 1245 ETH and 2515 BNB were transferred to [Tornado Cash](https://www.rootdata.com/zh/Projects/detail/Tornado Cash?k=NDA5), and 203 ETH were transferred to Fixed Float. In addition, "jaredfromsubway.eth" gained at least 1.4 million dollars from a sandwich attack involving PEPE. (Source link)

ChainCatcher news, over 30 Ethereum projects including Safe, BitKeep, DODO, Oasis, Balancer, and 1inch have collaborated to launch the MEV Blocker RPC, a tool designed to protect users from various types of MEV attacks.It is reported that the MEV Blocker protects users from front-running and sandwich attacks on Ethereum transactions. By using the MEV Blocker, users can enjoy a fast, free, and censorship-resistant RPC for processing transactions. By adding this RPC endpoint to their wallets, they can gain protection immediately. (source link)

ChainCatcher news, according to monitoring by the blockchain security audit company Beosin's Beosin EagleEye platform, MEV bots suffered malicious sandwich attacks, resulting in losses of approximately 25 million USD. The Beosin security team provided a brief analysis of the incident.The results are as follows:In one example of the attack, the attacker first targeted a pool with very low liquidity and tested whether the MEV bot would front-run the transaction. For instance, in the image below, we can see that the attacker tested the MEV bot with 0.04 WETH, enticing the MEV bot to engage in front-running arbitrage. It was discovered that the pool indeed had an MEV bot monitoring, and the MEV bot would use all its funds for arbitrage. On the other hand, the MEV bot used the attacker's node to mine blocks; the attacker had also been trying to see if the MEV would use his validator for block production, thus validating in advance whether the MEV bot would execute and allowing the validator to view the bundle.After successfully testing, the attacker used a large amount of tokens previously exchanged in Uniswap V3 to conduct exchange operations in the low liquidity V2 pool, enticing the MEV to use all of its WETH to front-run the purchase of worthless tokens. However, the transaction that was front-run was actually targeting the MEV's attack transaction, using a large amount of tokens to exchange for all the WETH that the MEV had just front-run.At this point, since the WETH that the MEV was front-running had already been exchanged by the attack transaction, the MEV bot's attempt to exchange back for WETH would fail.The main conditions for the attack's success may be that the MEV still uses all its funds for arbitrage in low liquidity pools, that in Uniswap V3, a small amount of funds can obtain the same tokens, while their value has been manipulated and unbalanced in the V2 pool, and that the attacker may have validator node permissions, allowing them to modify the bundle.Beosin's KYT anti-money laundering analysis platform found that the current funds are located at the addresses:0x3c98d617db017f51c6a73a13e80e1fe14cd1d8eb (19,923,735.49 USD), 0x5B04db6Dd290F680Ae15D1107FCC06A4763905b6 (2,334,519.51 USD), 0x27bf8f099Ad1eBb2307DF1A7973026565f9C8f69 (2,971,393.59 USD). (source link)

ChianCatcher news, DEX aggregator 1inch has launched a feature called 1inch RabbitHole to prevent users from being subjected to "sandwich attacks" during trading. This feature sends users' trades directly to validators including Flashbots, BloXroute, Eden, and Manifold instead of the transaction pool.1inch stated that this feature will be free to use during the testing period, and the future charging method for this feature will be determined, one possibility being to stake a certain amount of 1INCH Token. (source link)

ChainCatcher news, PeckShield stated on Twitter that an MEV bot spent 31.06 ETH in transaction fees to execute a "sandwich attack" on a transaction worth approximately 25 million USD, resulting in the validator who packaged the block receiving a total reward of 32.09 ETH (worth about 40,800 USD). (Source link)

ChainCatcher news, Balancer DAO's technical lead Mike B tweeted that there have been some serious sandwich attacks in the USDT/DAI liquidity pool of the decentralized trading platform DODO. The pool has a liquidity of less than $10 million, while the daily trading volume reaches between $50 million and $100 million, due to MEV (Maximum Extractable Value). "Worse yet, when users load DODO in a new browser, the default slippage is set to 3%, instead of being automatically set to a more appropriate 0.1%."At the end of the tweet, Mike B suggested to Dodo: the official should add fees to the trades in the pool, which could significantly reduce the number of trades. Additionally, the default slippage should be changed; non-stableswap trades should not default to 3%. (source link)